This year in October 2013, I was very honoured to be able to have the chance to be in several Asian cities, where I met up with the local communities and was a part of locally-organised events to give talks on latest Mozilla developments, e.g. Firefox OS. I was primarily headed to Hack In The Box (HITB) Kuala Lumpur, 2013, and the stopovers were at various Asian cities (or close by), so I figured to drop by.

First up: Kuala Lumpur, Malaysia (Oct 2013)

Petronas Twin Towers, image credit: Someformofhuman via Wikipedia

MozMY community booth at HITB KUL 2013

At the HITB conference in Malaysia, I met the Malaysian community (Thank you for all your help! Terima kasih!), and helped out at HackWEEKDAY.

HackWEEKDAY participants at HITB KUL 2013

It was an event focusing on Firefox OS apps and the then-new App Manager was a large piece of the puzzle. Many thanks to my colleagues Mark Goodwin and Freddy Braun for helping me out. Mark and Freddy fronted the presentation we made to the participants, and they did a very good job at that.

Durian stall in Kuala Lumpur, Malaysia

As a sidenote, I also remember vividly the MozCafe event (great teh tarik!) and kudos to the community for bringing us to durians!

And so I had the idea that I could give a demonstration of App Manager to the communities I’ll be visiting on the way back across the Pacific – based on Mark’s presentation and Jason Weathersby / Paul Rouget’s blogpost. The catch? Even though they all have the same content, they will all be in different languages, at least for the Q&A sessions. (Challenge yourself, why stop at one?)

Believe me, I think this is easier than it sounds – many of us spend time practising for Q&As in one primary language, so all you have to do is to think about the same reply content, but give the reply in multiple languages (aka forking). We may not end up speaking really fluently, but it should be sufficient enough to be understood.

On the way back, cities on my agenda were Singapore (thanks HackerspaceSG for hosting), Taipei (thanks to the Taiwan community for organising the event 謝謝大家！), and finally Hong Kong (thanks Sammy Fung for helping with the venue 多謝曬！).

Next: Singapore

Singapore skyline, image credit: Someformofhuman via Wikipedia

Mozillian community in Singapore, image credit: Chit Thiri Maung

This is likely the largest gathering of Mozillians in Singapore so far. I started off with the demonstration of Unreal Engine 3 engine using asm.js, and people thought that this was just a movie until I actually started controlling the movement of the player, all in the browser. Again, this would be my response to whoever thinks that the web will never be able to rival native apps.

On to the demonstration itself using a Keon 1.2, I recall there was a question about whether the demo will work on a phone. Soon, soon. Not now, not yet, but eventually…

Singapore being a multicultural cosmopolitan society with many people from all races and countries, everyone had no problems understanding and asking questions in English.

And on to: Taipei, Taiwan (臺北，臺灣)

Taipei 101, close to the Mozilla Taipei office

My next destination was Taipei. The Mozilla Taipei office is close to the Taipei 101 – that’s how I took this picture on the way there.

Yuren Ju presenting at a coffee shop in Taipei for MozTW

The MozTW community did all the logistics here, they did an excellent job. I gave my talk together with Yuren Ju (朱昱任) from the Mozilla Taipei office, who gave a fantastic presentation on Gaia development.

Since people in Taiwan prefer to listen to (and ask questions in) Mandarin, I presented in Mandarin for the first time in my life to a public audience. Since Mandarin would arguably be my 3rd/4th language, I sure hope I didn’t do too badly here!

Ultimately, what most impressed me was that the second floor of the coffee shop we were in, was packed throughout. And I really mean packed – arguably about 40+ people in that space no larger than … probably 500-1,000 square feet? People squeezed into spaces, some stood because there was a lack of space. This level of presence by the community, is still unrivalled by most of the other Asian cities I have been to. Most excellent!

And finally: Hong Kong (香港)

Victoria Harbour, image credit: WiNG via Wikipedia

Mozilla community gathered in City University, Hong Kong

Presenting at City University, Hong Kong, image credit: Sammy Fung

Finally, on to Hong Kong. This event was held in City University, where we had 20-30 people come in. Although most people speak Cantonese in Hong Kong, most can understand English fairly well, and there were some foreigners present, so I did the presentation in English. In the Q&A, everyone was free to ask questions in any language they felt most comfortable in (that I could understand), and so there were discussions in both Cantonese and English. I interpreted on-the-fly in English to those who didn’t understand, for the first time in a public audience too!

What most impressed me here, was the duration of the event. It lasted beyond 2 hours, almost 3 if I recall correctly, and while the talk itself was on par with the other countries (<45 mins), the Q&A stretched for some time (~1-1.5 hours?). The discussions here were really intense and this would reflect the immense level of interest in Firefox OS, and they would center more around app development (since most people have experience with the other app platforms).

Whew! What a long blogpost. I hope you are now sufficiently enlightened to visit any of these countries, and contact local Mozillians in the process. I’ll bet that you will have a really good time. :)

]]>https://garykwong.wordpress.com/2013/12/20/whirlwind-trip-through-asia-giving-talks-on-mozilla/feed/0nth10sdPetronas Twin Towers, image credit: Someformofhuman via WikipediaMozMY community booth at HITB KUL 2013HackWEEKDAY participants at HITB KUL 2013Durian stall in Kuala Lumpur, MalaysiaSingapore skyline, image credit: Someformofhuman via WikipediaMozillian community in Singapore, image credit: Chit Thiri MaungTaipei 101, close to the Mozilla Taipei officeYuren Ju presenting at a coffee shop in Taipei for MozTWVictoria Harbour, image credit: WiNG via WikipediaMozilla community gathered in City University, Hong KongPresenting at City University, Hong Kong, image credit: Sammy FungMozillans in North Carolina – Trizillians!https://garykwong.wordpress.com/2013/12/20/mozillans-in-north-carolina-trizillians/
https://garykwong.wordpress.com/2013/12/20/mozillans-in-north-carolina-trizillians/#commentsFri, 20 Dec 2013 09:56:56 +0000http://garykwong.wordpress.com/?p=211Continue reading →]]>After being in Kentucky last year, where I met Curtis Koenig and Stephen Horlander, this year I decided to head to the city of Durham, North Carolina, in a bid to go somewhere in continental US with a low likelihood of wading through inches of snow in winter.

I met up with several Mozillians at a co-working space last Friday, Joel Maher being one, others for the first time (Paul McLanahan & Erik Rose). A pity David Lawrence (:dkl) couldn’t make it, else we’ll possibly have max’ed out the number of Mozillians in the same location in North Carolina till that point!

At the Carolina Basketball Museum, University of North Carolina, Chapel Hill

I managed to squeeze in a roadtrip that weekend with a childhood friend, to Pisgah National Forest (arguably near/in the Blue Ridge Mountains – Country Roads, Take Me Home, anyone?) where the wonderful waterfalls awaited…

]]>https://garykwong.wordpress.com/2013/12/20/mozillans-in-north-carolina-trizillians/feed/0nth10sdA bunch of Trizillians gather in Durham, NCAt the Carolina Basketball Museum, University of North Carolina, Chapel HillLooking Glass Falls, Pisgah National Forest, NCMoore Cove Falls, Pisgah National Forest, NCProtecting Mozilla Firefox users on the webhttps://garykwong.wordpress.com/2013/03/08/protecting-mozilla-firefox-users-on-the-web/
https://garykwong.wordpress.com/2013/03/08/protecting-mozilla-firefox-users-on-the-web/#commentsSat, 09 Mar 2013 05:01:17 +0000http://garykwong.wordpress.com/?p=189Continue reading →]]>I have followed Pwn2Own ever since its inception in 2007. For those of you who do not know what Pwn2Own is, it is a competition in which hackers try to take advantage of software weaknesses in browsers (Internet Explorer, Firefox, Chrome, Safari etc.), put up specially crafted webpages and click on them to try and launch another application, usually calc.exe. They then gain a monetary reward in return. It usually happens on the sidelines of CanSecWest, a yearly security conference held in Vancouver.

During my university days in Singapore on the other side of the world, I always followed this competition with anticipation. I told myself, one day, just one day, I will be at the frontline helping to decipher the problem and help to get the fix out to Firefox users around the world as soon as possible.

Last year in 2012, I was on-site in Vancouver and I witnessed Willem Pinckaers and Vincenzo Iozzo take down Firefox. However, the bug (720079) was already identified and fixed through internal processes.

This year, Pwn2Own became the venue for many exploits against major browsers, including Firefox (bug 848644), as well as other plugins which are more often used in browsers, such as Flash and Java. The team that took down Firefox this year was VUPEN Security, who also punched holes through Internet Explorer 10, Java and Flash.

Some of my colleagues / co-workers were present at the conference and were relaying us information live, while I stayed back at the office preparing my machines to diagnose the issue.

===

The following timeline (all times PST) describes my role behind the scenes with respect to the Firefox exploit by VUPEN, on March 6, 2013:

~3pm: Rumblings heard on IRC channels that Firefox has been moved from its scheduled slot to 5.30pm.

5.30pm: VUPEN gets ready.

~5.54pm: VUPEN takes down Firefox. On-site team gets to work getting details of the exploit.

Looking at the innings of the testcase, together with confirmation with team members over IRC that there is no malicious code present (Proof of Concept (PoC) code just crashes), I manage to reproduce the crash on a fully-patched Windows 7 system.

More analysis from early responders flow in; information such as the attack vector (Editor), Asan stack trace showing the implicated functions (possibly nsHTMLEditRules::GetPromotedPoint).

I did a quick stab at the regression range here. Using the bisection technique described here, I found that early January 2012 builds did not crash, whereas early January 2013 builds did crash.

The testcase seemed initially tricky; until it was eventually found (quite awhile later) that one could reliably trigger this with one tab that somehow caused the “pop-up blocked” info bar to show, I had to try the testcase repeatedly, sometimes reloading, sometimes closing then opening the browser again to trigger the crash.

Using mozregression here might have been a good idea – however due to an incorrect decision whether a particular build was crashing or not, one would bisect down to an incorrect regression window and waste precious time.

Time was of the essence here – the sooner one gets an accurate regression window, the faster a developer can potentially pinpoint the cause of the crash.

I found myself repeatedly downloading and checking builds to see if they did crash or not. Sometimes the crash happened immediately on load (with the initial PoC). Other times it happened only after a few minutes, or only after a restart.

I eventually settled on the following regression window: crash happens on the October 6, 2012 nightly, but not on the previous day’s (October 5), and I posted a comment, so this could get confirmation from other people. I then immediately looked through the hgweb regression window to see if anything stood out – bug 796839 seemed to be a likely cause, but everything else was still a possibility.

in that regression window, more clues emerge. The Asan stack trace pointed to nsHTMLEditRules::GetPromotedPoint being part of the bigger picture here, and some detective work showed that in this changeset from bug 796839, the file editor/libeditor/html/nsHTMLEditRules.cpp was changed, and this was the file that nsHTMLEditRules::GetPromotedPoint was located in.

Coincidence? Probably. However, this made everything more likely. At this point in time, it was 8pm, approximately one hour from the point in which the testcase was obtained.

I began to consider (and possibly discount) other possibilities, including bug 795610. Thanks to great work by Nicolas Pierron and his git wizardry, we found that nsHTMLInputElement::SetValueInternal (also implicated in the Asan stack trace), existed in nsHTMLInputElement.cpp which was modified in that bug. However, this possibility was quickly discounted.

This made bug 796839 extremely likely to be the root cause, because it was landed on mozilla-central during the version 18 nightly window, but was backported to mozilla-aurora at that time, which was the version 17 branch. Bug 796839 would encompass the patch landing that inadvertently opened up a vulnerability in Firefox.

Credit must be given to the other Mozilla folks in this effort, who have, outside of normal day working hours, worked till late night to make this possible. I am proud to be part of this fabulous team effort.

It certainly has been my honour to have helped keep Mozilla users safe on the web.

]]>https://garykwong.wordpress.com/2013/03/08/protecting-mozilla-firefox-users-on-the-web/feed/9nth10sdMozCamp Asia 2012 (Singapore) – My experience in 5 languages: English, Mandarin, Cantonese, Singlish, Koreanhttps://garykwong.wordpress.com/2012/11/18/mozcamp-asia-2012-singapore-my-experience-in-5-languages-english-mandarin-cantonese-singlish-korean/
https://garykwong.wordpress.com/2012/11/18/mozcamp-asia-2012-singapore-my-experience-in-5-languages-english-mandarin-cantonese-singlish-korean/#commentsSun, 18 Nov 2012 19:00:25 +0000http://garykwong.wordpress.com/?p=178Continue reading →]]>MozCamp Asia just finished a few hours ago. ~200 of us gathered in this small rainy and humid city-state, at the Scape (at Somerset) and the Hub just across, and raining consistently every afternoon at approximately 3-4pm was probably an interesting experience to some folks unaccustomed to it. Welcome to a tropical climate!

Anyway, I just thought to blog my experience in the 5 parts, each containing 1 part of a spoken language that I actually spoke. I apologize in advance if parts of the upcoming multilingual paragraphs are incorrectly expressed, but plowing through 5 spoken languages at MozCamp to different communities was an incredibly extraordinary experience that I wanted to share with everyone. The regions in parentheses were regions where people I personally spoke to, actually came from.

Here goes:

English (for Westerners/Others): When I first arrived at MozCamp, it had a homely feeling. I studied in Singapore for over 20 years, and after moving to the States for work, coming back was a surreal experience. Was I a local? Was I a foreigner? I just had to adapt.

Singlish (for Singaporeans/Southeast Asian friends): And then after that I was vely vely lucky to meet people from Southeast Asia, some again and again these few years. They all very very friendly, make me sometimes miss the times when I was around here. I super enjoyed my time leh, got good local food, got many friend, all vely vely happy.

Note: All of the phrases, including the translations, are off the top of my head, with virtually zero references from anywhere else. I make no guarantee to their grammar correctness / colloquial updated-ness at all. Once again, I apologize if I had inadvertently made any errors.

Note 2: Cantonese and Singlish are largely spoken languages, and as such may make absolutely no sense when written down. Also, Singlish is not exactly a new language of its own, but it’s unique enough to be understandable by folks from Southeast Asia and relatively not to someone from anywhere else / the Western world, so I’ve included it in.

===

English version/translation (may not be 100% accurate):

ENGLISH: When I first arrived at MozCamp, it had a homely feeling. I studied in Singapore for over 20 years, and after moving to the States for work, coming back was a surreal experience. Was I a local? Was I a foreigner? I just had to adapt.

MANDARIN: Very quickly, I met up with a lot of old friends again, and was very fortunate to be able to meet a lot of new ones. Our Mandarin-speaking friends not only came from mainland China or Taipei, I also met folks from France and Australia who were able to speak somewhat decent Mandarin. What a interesting/mysterious world.

CANTONESE: There were interesting and unique activities. I especially enjoyed the session titled “Help the UX Team Understand Security and Privacy Concerns in Asia“, by my co-worker also from our American office. She is Larissa Co. This activity was very interesting and fun. After the activity, I was deeply honoured to be able to meet Sammy Fung, one of our community members from Hong Kong, and the first I’ve met in person. Pleased to meet you!

SINGLISH: After that, I was very lucky to be able to meet people hailing from Southeast Asia. For some, it was a case of meeting up again these few years. Everyone was very friendly, indirectly causing me to miss those days when I was in Singapore. I definitely enjoyed these few days, with lots of local foods and many happy friends.

KOREAN: I went to dinner with Korean friends. Korean friends like local, cheap and good Singapore food. I like it too. Went to Night Safari in a taxi. Night Safari was interesting.

Addendum: There were times when I would get confused and mix languages up. e.g. Speaking Singlish to a community not accustomed to it, or Chinese to others. Rectification usually took a few seconds/minutes.

]]>https://garykwong.wordpress.com/2012/11/18/mozcamp-asia-2012-singapore-my-experience-in-5-languages-english-mandarin-cantonese-singlish-korean/feed/1nth10sdValgrind builds are now green on TBPLhttps://garykwong.wordpress.com/2012/10/11/valgrind-builds-are-now-green-on-tbpl/
https://garykwong.wordpress.com/2012/10/11/valgrind-builds-are-now-green-on-tbpl/#commentsThu, 11 Oct 2012 23:35:34 +0000http://garykwong.wordpress.com/?p=143Continue reading →]]>Valgrind builds are now green on TBPL as of this morning!

I filed bug 800435 to get the build unhidden – previously it was hidden on tbpl.mozilla.org (TBPL) because it was always fiercely burning.

Note that the some of the multiple builds you see in the screenshot were manually triggered, otherwise only one per day is automatically scheduled.

Note that the run-time speed of the application will take a substantial hit – it can take a long time to start up a Valgrind build. Moreover, a fairly powerful computer running Linux / Mac (preferably Linux) with about 4 GB memory is recommended. Tests are thus run once a day due to the slowdown, and we currently run only PGO tests (a small subset of our tests, note that our Valgrind builds are not PGO though).

How was this accomplished?

It is important to note that a lot of work by other folks was put in a year or two ago to get Valgrind showing up before it was hidden by default on TBPL for being perma-red. I then stepped up to help turn it green since I had some experience in running JavaScript binaries with Valgrind, and we all love greenery. :)

Shout-outs go out to the following people: Julian Seward, Nicholas Nethercote, Jesse Ruderman, Ted Mielczarek, Releng folks Chris AtLee, Nick Thomas and Rail Aliiev, our sheriffs edmorley, philor, RyanVM, and all others whom I have inadvertently left out. Without any of your collaboration and hard work we would be unable to have this set of Valgrind greenery. You folks rock!

Edit: Bug 800435 has been fixed, Valgrind builds now appear by default, thanks Ehsan! See the following screenshot:

as well as some initiatives undertaken by Mozilla Online (our Beijing friends in China).

Gary Kwong is a Mozilla engineer based in Mountain View, California. This will purely be a sharing session of Gary’s own personal experience based upon a week of observation and interaction with our Mozillian friends in Beijing in mid-June 2012.

First Mozilla gathering in Louisville, Kentucky at Havana Rumba Cuban on May 02, 2012.

Today was the first lunch gathering of several Mozillians in Kentucky! I am really fortunate to be able to experience life in the South for the first time, and together with Curtis Koenig (on the left), met up with Stephen Horlander (on the right) at the Havana Rumba Cuban cafe in Louisville.

These few days have been great – after work was done during the day we headed to do stuff that one can barely think of in the urban areas, such as harvesting asparagus:

Harvesting asparagus on farmland!

It was great to see lots of farmland, horses, vast areas of greenery, and of course, bourbon, having hailed from urban areas all my life. First time to see asparagus growing in the soil (yeah, probably due to me only ever seeing them in grocery stores)…

The component to be attached to a John Deere combine harvester is huge..

… huge John Deere farming machines such as combine harvesters (things that I only got to read about, if I knew them at all) …

These are chicken and dumplings from Cracker Barrel.

… dumplings (noodles) from the South (the white sauce on the chicken and dumplings is very tasty) …

White Castle drive-in, they make sliders and are very popular locally.

]]>https://garykwong.wordpress.com/2012/05/02/first-mozlou-gathering-in-kentucky/feed/3nth10sdMozLou in KentuckyAsparagusComponent of a John Deere machineChicken and dumplings from the SouthWhite CastleWhat Mozilla is about..https://garykwong.wordpress.com/2012/04/15/what-mozilla-is-about/
https://garykwong.wordpress.com/2012/04/15/what-mozilla-is-about/#commentsMon, 16 Apr 2012 06:10:35 +0000http://garykwong.wordpress.com/?p=117Continue reading →]]>Recently, I was in a group of friends where I was the new guy, and there were the usual questions about where you’re from, and what you do, etc. Having said that I worked in Mozilla, including Firefox, the folks perked up asking about update fatigue and comparisons with competing browsers.

However, once I mentioned that Mozilla always puts the needs and wants of the end-user first on its priority list and not to maximise profit for itself nor its shareholders, (or something along those lines because I was not speaking in English), the whole room simply went, “Whoa……” with a smile on most faces.

Rust is a prospective language which just had its version 0.1 released, and coming from a background that does not hail from C or C++, learning it seemed quite daunting. Starting off writing Java in college and digesting Python in my free time helped, but just a little. Since I previously had some time on a plane and not really sleeping, I’ve been looking at ways to simplify learning Rust, and hopefully by guiding you, as a reader, along the way will help us share our experiences and enhance learning opportunities for all.

But seriously, what is Rust? You can find a short write-up here, along with things like not allowing null pointers (Yay! no more null crashes). Various other technical bits are way above me now. Nonetheless, follow the instructions to obtain your Rust compiler. In the following examples, save the code snippets in a test.rs file, renaming “test” to whatever you like as long as it still ends with .rs, compile it with the Rust compiler “rustc test.rs” and then execute the compiled file “./test”.

Alright, so let’s dive into Rust. To print a statement, let us understand that we first have to import a standard library or a module, known as std.

use std;

It’s like including iostream.h in C++.

Once we’ve done that, we can now print a statement:

use std;
fn main() {
std::io::println("Hello World!");
}

to get:

Hello World!

(In Python, it is the equivalent of “print ‘Hello World!”)

In Rust, it is necessary to have a main function. The double colons “::” mean that it is calling println within module io within the std module. It’s similar to System.out.println in Java. Note that semicolons “;” at the end of the lines seem to be necessary most of the time — there are special circumstances where “;” is not needed at the end, but let’s leave that for later.

How about a number? I would like to create a local variable, which is a number, and print it. In this case, we use `let`:

Two new things here. One is “let x: int = 8;”, which means create a local variable x of the type int, and set its value to 8. Again, there will be situations in the future where you leave out specifying the type, and in those cases the type will be inferred (the compiler will “guess” the type).

Second, note that we cast x to a string before printing it. In Rust, we cannot print a number without first changing its type to a string. This is done by calling str from the int module and passing in x, so we have “int::str(x)”.

You should get the output:

Our number is: 8

You may have noticed that Rust uses shortened keywords, such as “fn” for a function. It also uses “ret” for returning values. We will see more of this as we go along.

Next up, let’s construct a separate function instead of cramming everything up in main, and have it print our favourite number again: